codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Sauyon Lee	a2c84023d6	Add spring stringutils stub	2021-04-02 01:30:37 -07:00
Chris Smowton	7fb5bd0cab	Add tests for and slightly expand models of Commons Lang's ArrayUtils class	2021-03-25 15:11:51 +00:00
Anders Schack-Mulligen	a1ccbcdaf1	Merge pull request #5260 from artem-smotrakov/spring-http-invoker Java: Query for detecting unsafe deserialization with Spring exporters	2021-03-24 13:57:17 +01:00
Anders Schack-Mulligen	27408fefe2	Merge pull request #5008 from torque59/cwe-346 Java: Queries to detect remote source flow origins to CORS header.	2021-03-23 13:54:00 +01:00
haby0	fe046ec71e	Merge remote-tracking branch 'upstream/main' into main	2021-03-22 17:25:37 +08:00
haby0	c516d69b98	Merge remote-tracking branch 'upstream/main' into main	2021-03-17 16:42:48 +08:00
Joe Farebrother	1e3c4d0eb1	Add stubs to fix broken test case	2021-03-16 14:24:49 +00:00
Anders Schack-Mulligen	45c9428668	Merge pull request #5337 from smowton/smowton/feature/commons-lang-random-sources Java: Add support for Commons-Lang's RandomUtils	2021-03-15 16:21:01 +01:00
Chris Smowton	1c1ca70027	Add models for flow- and taint-preserving functions in Commons ObjectUtils. These should all be value-preserving, but we don't support value-preserving varargs methods yet.	2021-03-11 16:22:54 +00:00
Artem Smotrakov	0a5d58ed8a	Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql	2021-03-10 21:15:19 +03:00
Chris Smowton	9163893879	Add models for Commons-Lang's RegExUtils class	2021-03-09 15:11:13 +00:00
Joe Farebrother	7a4ce83169	Merge pull request #5310 from joefarebrother/guava-io Java: Add modelling for Guava IO utilities	2021-03-09 11:19:44 +00:00
p0wn4j	6841f5f7c4	Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query Java: Add NashornScriptEngine detection in ScriptEngine query	2021-03-06 16:19:07 +04:00
Chris Smowton	e3cf5c235e	Add support for Commons-Lang's RandomUtils This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.	2021-03-05 12:09:33 +00:00
Joe Farebrother	d30d1a2ab2	Add unit tests and fix issues	2021-03-05 11:19:52 +00:00
Joe Farebrother	c12f8035c4	Add stubs for unit tests	2021-03-05 11:19:25 +00:00
Anders Schack-Mulligen	00983c8967	Merge pull request #4965 from artem-smotrakov/jexl-injection Java: Query for detecting JEXL injections	2021-03-05 10:52:36 +01:00
Anders Schack-Mulligen	20ccb52912	Merge pull request #4299 from torque59/play-framework Initial support for Java - Play Framework > 2.6.x	2021-03-05 10:51:53 +01:00
Chris Smowton	b0ba0585a7	Add models for Apache Commons Lang and Text's Str[ing]Substitutor	2021-03-04 11:11:55 +00:00
Chris Smowton	f749c31136	Add models for commons lang/text's Str[ing]Lookup class	2021-03-04 11:11:55 +00:00
Chris Smowton	1580d23b2b	Add models for WordUtils and StrTokenizer Both of these have commons-text and commons-lang variants.	2021-03-04 11:11:55 +00:00
Anders Schack-Mulligen	3400c121d6	Merge pull request #5202 from joefarebrother/apache-http Java: Add modelling for Apache HTTP Components	2021-03-03 13:41:41 +01:00
Francis Alexander	173c4b7f2f	More Play stubs improvements	2021-03-02 20:39:25 +05:30
Francis Alexander	4384f78595	Play stubs improvements, cleanup and return values	2021-03-02 16:50:16 +05:30
Artem Smotrakov	15a43ffe36	Simplified returnsRemoteInvocationSerializingExporter()	2021-02-27 13:41:20 +01:00
Tamás Vajk	505d04b13e	Merge pull request #5102 from luchua-bc/java/main-method-in-servlet Java: CWE-489 Query to detect main() method in servlets	2021-02-25 16:05:06 +01:00
Artem Smotrakov	aac0c27dcd	Added tests for SpringHttpInvokerUnsafeDeserialization.ql	2021-02-24 22:35:20 +01:00
Artem Smotrakov	34b6ed0a05	Removed commented code from JexlUberspect	2021-02-24 22:31:03 +01:00
Joe Farebrother	e13c779f0f	Add additional unit tests	2021-02-23 16:17:13 +00:00
Joe Farebrother	7b5961769a	Add unit tests for version 5.x	2021-02-23 14:26:12 +00:00
Joe Farebrother	cf58a90d74	Add unit tests for utility methods	2021-02-23 14:26:12 +00:00
Joe Farebrother	5bba7f6df7	Add unit tests	2021-02-23 14:26:11 +00:00
luchua-bc	3d9ac0d094	Add query for enterprise beans	2021-02-20 02:00:42 +00:00
Francis Alexander	40f4e71b86	Merge branch 'main' into cwe-346	2021-02-17 18:55:31 +05:30
Chris Smowton	10112c50ab	Add support for StrBuilder and TextStringBuilder in commons-text These are identical to the current deprecated StrBuilder in commons-lang3.	2021-02-17 09:36:28 +00:00
Chris Smowton	a63f18e49d	Add models for Commons-Lang's StrBuilder class. These exclude its fluent methods for the time being, which will be added in a forthcoming PR.	2021-02-17 09:36:20 +00:00
Chris Smowton	a2eeffa9c0	Add support for Apache Commons Lang StringUtils	2021-02-16 14:48:39 +00:00
haby0	2c96e6cf96	Merge remote-tracking branch 'upstream/main' into main	2021-02-16 17:54:01 +08:00
haby0	22e741c7a3	*)add XQExpression.executeCommand(0) sink	2021-02-12 11:17:42 +08:00
Artem Smotrakov	042c0b005e	Covered sandboxes for JEXL 2 - Updated SandboxedJexlFlowConfig to cover JEXL 2 - Added SandboxedJexl2 test	2021-02-11 22:57:26 +01:00
haby0	a6a0fa28c4	*)add XQExpression.executeQuery(0) sink	2021-02-11 16:05:48 +08:00
Artem Smotrakov	af0f361ac8	Updated JexlInjection.ql to check for sandboxes - Added a dataflow config to track setting a sandbox on JexlBuilder - Added SandboxedJexl3.java test	2021-02-10 22:19:45 +01:00
yo-h	e194411cfa	Java: fix javac errors in test code	2021-02-09 09:16:57 -05:00
luchua-bc	a183b00166	Query to detect main method in servlets	2021-02-05 03:53:01 +00:00
Francis Alexander	683233333c	test case return statements and feedback	2021-02-04 22:28:10 +05:30
haby0	b76854a384	*)add CWE-652 test case	2021-01-27 10:14:33 +08:00
Francis Alexander	19872e9aed	More Feedback integration	2021-01-26 17:24:17 +05:30
Joe Farebrother	d69ecde5c1	Java: Add additional flow steps for guava collection methods and more unit tests	2021-01-25 16:37:40 +00:00
Francis Alexander	a64fc2b24e	Java: Queries to detect remote source flow to CORS header	2021-01-24 18:58:39 +05:30
Artem Smotrakov	7d2d27394b	Java: Added a source and a taint step for JexlInjectionConfig - Added TaintedSpringRequestBody source - Added returningTaintedDataFromBean() taint step - Added tests	2021-01-17 22:28:42 +01:00

1 2 3

108 Commits